add some comments :)

Author: Your Name

contribs/gnofaucet/coins.go

@@ -17,14 +17,18 @@ func getAccountBalanceMiddleware(tm2Client *tm2Client.Client, maxBalance int64)
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(
 			func(w http.ResponseWriter, r *http.Request) {
-				var data request
 				body, err := io.ReadAll(r.Body)
 				if err != nil {
 					http.Error(w, err.Error(), http.StatusBadRequest)
 					return
 				}
 
+				var data request
 				err = json.Unmarshal(body, &data)
+				if err != nil {
+					http.Error(w, err.Error(), http.StatusBadRequest)
+					return
+				}
 				r.Body = io.NopCloser(bytes.NewBuffer(body))
 				balance, err := checkAccountBalance(tm2Client, data.To)
 				if err != nil {

contribs/gnofaucet/cooldown.go

@@ -8,7 +8,7 @@ import (
 // CooldownLimiter is a Limiter using an in-memory map
 type CooldownLimiter struct {
 	cooldowns    map[string]time.Time
-	mu           sync.Mutex
+	mu           sync.RWMutex
 	cooldownTime time.Duration
 }
 
@@ -22,15 +22,23 @@ func NewCooldownLimiter(cooldown time.Duration) *CooldownLimiter {
 
 // CheckCooldown checks if a key has done some action before the cooldown period has passed
 func (rl *CooldownLimiter) CheckCooldown(key string) bool {
-	rl.mu.Lock()
-	defer rl.mu.Unlock()
-
-	if lastClaim, found := rl.cooldowns[key]; found {
-		if time.Since(lastClaim) < rl.cooldownTime {
-			return false // Deny claim if within cooldown period
-		}
+	lastClaim := rl.get(key)
+	if time.Since(lastClaim) < rl.cooldownTime {
+		return false // Deny claim if within cooldown period
 	}
 
-	rl.cooldowns[key] = time.Now()
+	rl.set(key, time.Now())
 	return true
 }
+
+func (rl *CooldownLimiter) get(key string) time.Time {
+	rl.mu.RLock()
+	defer rl.mu.RUnlock()
+	return rl.cooldowns[key]
+}
+
+func (rl *CooldownLimiter) set(key string, value time.Time) {
+	rl.mu.Lock()
+	defer rl.mu.Unlock()
+	rl.cooldowns[key] = value
+}

contribs/gnofaucet/gh.go

@@ -11,6 +11,17 @@ import (
 	"github.com/google/go-github/v64/github"
 )
 
+// getGithubMiddleware sets up authentication middleware for GitHub OAuth.
+// If clientID and secret are empty, the middleware does nothing.
+//
+// Parameters:
+// - clientID: The OAuth client ID issued by GitHub when registering the application.
+// - secret: The OAuth client secret used to securely authenticate API requests.
+// - cooldown: A cooldown duration to prevent several claims from the same user.
+//
+// GitHub OAuth applications require a client ID and secret to authenticate users securely.
+// These credentials are obtained when registering an application on GitHub at:
+// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app
 func getGithubMiddleware(clientID, secret string, cooldown time.Duration) func(next http.Handler) http.Handler {
 	coolDownLimiter := NewCooldownLimiter(cooldown)
 	return func(next http.Handler) http.Handler {
@@ -24,6 +35,13 @@ func getGithubMiddleware(clientID, secret string, cooldown time.Duration) func(n
 					return
 				}
 
+				// Extracts the authorization code returned by the GitHub OAuth flow.
+				//
+				// When a user successfully authenticates via GitHub OAuth, GitHub redirects them
+				// to the registered callback URL with a `code` query parameter. This code is then
+				// exchanged for an access token.
+				//
+				// Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#2-users-are-redirected-back-to-your-site-by-github
 				code := r.URL.Query().Get("code")
 				if code == "" {
 					http.Error(w, "missing code", http.StatusBadRequest)

contribs/gnofaucet/serve.go

@@ -219,8 +219,8 @@ func execServe(ctx context.Context, cfg *serveCfg, io commands.IO) error {
 	middlewares := []faucet.Middleware{
 		getIPMiddleware(cfg.isBehindProxy, st),
 		getCaptchaMiddleware(cfg.captchaSecret),
-		getGithubMiddleware(cfg.ghClientID, cfg.ghClientSecret, 1*time.Hour),
 		getAccountBalanceMiddleware(cli, cfg.maxBalance),
+		getGithubMiddleware(cfg.ghClientID, cfg.ghClientSecret, 1*time.Hour),
 	}
 
 	// Create a new faucet with